Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ahmetak4n/radar

Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish etc.
https://github.com/ahmetak4n/radar

gophish radar shodan sonarqube

Last synced: 3 months ago
JSON representation

Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish etc.

Host: GitHub
URL: https://github.com/ahmetak4n/radar
Owner: ahmetak4n
License: gpl-3.0
Created: 2021-04-23T21:15:40.000Z (over 3 years ago)
Default Branch: master
Last Pushed: 2024-05-01T22:35:32.000Z (6 months ago)
Last Synced: 2024-05-21T03:01:50.669Z (6 months ago)
Topics: gophish, radar, shodan, sonarqube
Language: Go
Homepage:
Size: 6.97 MB
Stars: 10
Watchers: 1
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md

Awesome Lists containing this project

awesome-hacking-lists - ahmetak4n/radar - Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish etc. (Go)

README

[![build](https://github.com/ahmetak4n/radar/actions/workflows/build.yml/badge.svg)](https://github.com/ahmetak4n/radar/actions/workflows/build.yml)
[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=ahmetak4n_radar&metric=alert_status)](https://sonarcloud.io/dashboard?id=ahmetak4n_radar)
[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=ahmetak4n_radar&metric=bugs)](https://sonarcloud.io/summary/new_code?id=ahmetak4n_radar)
[![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/ahmetak4n/radar/badge)](https://api.securityscorecards.dev/projects/github.com/ahmetak4n/radar)

# radar
A lot of tool using in DevSecOps pipelines. But DevSecOps process does not include secure configuration of these tools. That's why too many misconfigured DevSecOps tools exist on internet. Also so many security tools used for Phishing or Scanning are available on internet with old versions or misconfigured way or default credentials.

The Radar find DevSecOps or Security tools via Shodan and check their configuration.

Scanned Tools:
- SonarQube
- Check default credential
- Show public projects and details
- Download source codes from selected project
- GoPhish
- Check default credential

# build
```bash
git clone https://github.com/ahmetak4n/radar.git
cd radar
go buid radar.go
```

# usage
Help

`./radar -h`

Scan misconfigured SonarQube services

`./radar sonarqube -aK $SHODAN_API_KEY`

Scan Gophish services that work run with default credentials

`./radar gophish -aK $SHODAN_API_KEY`

# screenshots
Find sonarqube services
![sonar_how_to](https://github.com/ahmetak4n/radar/blob/master/sonarqube_how_to.png)

Download source code from detected sonarqube services
![sonar_how_to](https://github.com/ahmetak4n/radar/blob/master/sonarqube_scd_how_to.png)

Find gophish services
![gophish_how_to](https://github.com/ahmetak4n/radar/blob/master/gophish_how_to.png)

# disclaimer
Radar is developed for InfoSec persons. It should be used for authorized testing and/or educational purposes only.
**I take no responsibility for the abuse of Radar**